Commit graph

37984 commits

Author SHA1 Message Date
Elliott Hughes
3c3736e1bd Remove <sys/statvfs.h> inlines for API level 19.
API level 19 is no longer supported by the NDK.

While I'm here, let's remove the duplicated structure defintion (as
we've already done for `struct stat`).

Test: treehugger
Change-Id: I9d8286f9e7ba803f3131b6dcb0486ff1b0f9d5d1
2023-02-22 21:58:24 +00:00
Elliott Hughes
83b661802d Merge "libm: admit we use SSE4.1 in x86's libm." 2023-02-10 20:55:10 +00:00
Zijun Zhao
b080a0c8f7 Merge "Nullability check for signal module." 2023-02-10 17:34:27 +00:00
Elliott Hughes
079f6fd857 libm: admit we use SSE4.1 in x86's libm.
Although the NDK ABI for x86 doesn't include SSE4.1, it's needed for
roundss/roundsd, and we've used that (via hand-written assembler) in the
x86 libm since Android M. We've recently switched to using compiler
builtins to generate the assembler instead, and without allowing the
compiler to use SSE4.1, it can't (resulting in infinite recursion as
these functions defer to themselves for an answer).

Given that the x86 libm.so has required SSE4.1 for 8 years at this
point without anyone noticing, let alone caring, let's just retain the
status quo rather.

(Despite the fact that this caused boot failures for cf_x86, I didn't
notice when testing the 32-bit libm.so from a cf_x86_64 build because our
x86-64 ABI *does* include SSE4.1, and the BoardConfig.mk for cf_x86_64
explicitly chooses "silvermont" as the 32-bit cpu variant, implicitly
enabling SSE4.1.)

Test: llvm-objdump -d on a cf_x86 build
Change-Id: I9392d3699057fcca96677de52f8d36d377b1719a
2023-02-10 16:42:50 +00:00
Pierre-Clément Tosi
885f894553 Merge "libc_fortify: Fix typo" 2023-02-10 15:14:25 +00:00
zijunzhao
38c5344446 Nullability check for signal module.
Bugs: b/245972273
Test: None
Change-Id: I958e7fd7836afd1e6ff9f2c808171faa602022c7
2023-02-10 02:16:41 +00:00
Elliott Hughes
44e8fa7b1b Merge "Fix floor()/floorl() on armv7 arm32 devices." 2023-02-09 15:29:12 +00:00
Pierre-Clément Tosi
467e58e9ea libc_fortify: Fix typo
Test: -
Change-Id: I7ad5def655d0dbfe6b0138d322ca0c25c32c4635
2023-02-09 12:14:17 +00:00
Treehugger Robot
b7086f3062 Merge "Nullability check for math module" 2023-02-09 09:14:58 +00:00
Elliott Hughes
37d72a31ab Fix floor()/floorl() on armv7 arm32 devices.
armv8 arm32 has a single instruction for the floor() family, but armv7
arm32 doesn't. Play stupid preprocessor and namespace tricks to get
the best of both worlds (using __ARM_ARCH in code is less awkward than
trying to do similar with armv7_a and armv7_a_neon in the build system).

Bug: http://b/268267713
Test: llvm-objdump -d
Change-Id: I2a4bef6e6caa49092810f53eb7bf6ea46237743f
2023-02-09 06:54:18 +00:00
zijunzhao
195b90b83f Nullability check for math module
Bugs: b/245972273
Test: adb shell
Change-Id: I46bf02e1ed3d6e6143c780e30f95fa3af2745216
2023-02-09 00:25:29 +00:00
Elliott Hughes
769bebe4fa Merge "Move the copysign() family over to builtins all the time." 2023-02-08 15:58:13 +00:00
Elliott Hughes
0d2c71d882 Move the copysign() family over to builtins all the time.
Test: llvm-objdump -d
Change-Id: Ic65250652362fd69bda31605b215d1a587cb5bce
2023-02-08 01:26:43 +00:00
Treehugger Robot
bc516bf20a Merge "Nullability check for eventfd module" 2023-02-07 22:50:56 +00:00
Christopher Ferris
304ca86948 Merge "Skip zeroed malloc tests on hwasan." 2023-02-07 21:47:36 +00:00
Christopher Ferris
8ab38e2b9a Skip zeroed malloc tests on hwasan.
The gwp_asan_integration.malloc_tests_under_torture test fails
when trying to run the malloc.zeroed* tests. So skip these
tests in that config.

Bug: 267386540

Test: All tests pass in hwasan and normal config.
Change-Id: I8edce28ee21eeecbcc9afb7db4ffdb6371a914b0
2023-02-07 13:11:05 -08:00
zijunzhao
9729c193cb Nullability check for eventfd module
Bugs: b/245972273
Test: None
Change-Id: I5a74318850f3e49dd9d78180476e2a9d76853606
2023-02-07 20:47:11 +00:00
Treehugger Robot
f82ee4a37a Merge "Nullability check for klog module" 2023-02-07 16:35:27 +00:00
Elliott Hughes
d7cf151304 Merge "Let clang generate most of our assembler for x86/x86-64 too." 2023-02-07 16:30:12 +00:00
Treehugger Robot
f9445fee15 Merge "Nullability check for stat module" 2023-02-07 06:59:37 +00:00
zijunzhao
1cda74daba Nullability check for stat module
Bugs: b/245972273
Test: None
Change-Id: I8611c7d7c22e2fb6b0cec4b5101dbcb3174ae706
2023-02-07 06:58:39 +00:00
Elliott Hughes
2f1a7b9852 Let clang generate most of our assembler for x86/x86-64 too.
It looks like the only functions current clang can't do are the lrint
family. Everything else looks good, and the fact that clang has builtins
means we shouldn't normally see calls to any of these functions anyway.

Test: llvm-objdump
Change-Id: I65b4da96b6c9b10f01cb54a7ebd1de5934ba4488
2023-02-07 01:22:29 +00:00
Elliott Hughes
475275b3ec Merge "Fix setfsgid()/setfsuid() for LP32." 2023-02-06 21:22:36 +00:00
Elliott Hughes
4587c15368 Merge "libm: remove hand-written assembler for arm32 too." 2023-02-06 21:09:10 +00:00
Treehugger Robot
a3357c28f5 Merge "Nullability check for quota module" 2023-02-04 04:12:16 +00:00
Treehugger Robot
bb0913ee64 Merge "Nullability check for sysinfo module" 2023-02-04 02:50:14 +00:00
Elliott Hughes
8dc9f46a3f Fix setfsgid()/setfsuid() for LP32.
These are system calls where the "good" names are camped by
implementations that only work for 16-bit ids, and you need to say "32"
on LP32 to get sensible behavior.

Noticed when disabling CONFIG_UID16 in the kernel.

Bug: http://b/266732373
Test: llvm-objdump -d
Change-Id: Ib1b5822b030c4f86df755b129ec7b435a7f77cd3
2023-02-03 23:10:04 +00:00
zijunzhao
e716b1b3ee Nullability check for klog module
Bugs: b/245972273
Test: adb shell
Change-Id: I43634184ff8785fa8096d7e8034b22da452cfdd4
2023-02-03 21:56:56 +00:00
zijunzhao
4b8a126255 Nullability check for sysinfo module
Bugs: b/245972273
Test: None
Change-Id: Ie351c609136d1873d3969788246d8a4d8b77ac55
2023-02-03 20:05:05 +00:00
zijunzhao
7833a70000 Nullability check for quota module
Bugs: b/245972273
Test: adb shell
Change-Id: Ic300055163c852d1955d0dc419794b25395ce9a3
2023-02-03 20:03:34 +00:00
Mitch Phillips
3d577a836d Merge "Add the recoverable GWP-ASan feature." 2023-02-03 18:35:08 +00:00
Mitch Phillips
64c7d18f29 Merge "[GWP-ASan] Add TURN_ON_FOR_APP_SAMPLED_NON_CRASHING to android_mallopt" 2023-02-03 18:35:08 +00:00
Elliott Hughes
47aa5b93fe libm: remove hand-written assembler for arm32 too.
The clang builtins for arm32 give us identical code to what we had for
sqrt()/sqrtf(), and significantly better (neon) code for
floor()/floorf() than the integer-only implementations we had.

Test: llvm-objdump
Change-Id: I224bcfcf4739a80e1a7cdd07b0b1fa232fdf2dab
2023-02-03 01:21:12 +00:00
Mitch Phillips
2480f491be [GWP-ASan] Add TURN_ON_FOR_APP_SAMPLED_NON_CRASHING to android_mallopt
This mode allows an android_mallopt(M_INITIALIZE_GWP_ASAN, ...) to turn
on the recoverable, sampled mode. This is the intended mode for
non-system apps that don't specify the gwpAsanMode in Android U.

Bug: 247012630
Test: Patch the zygote to use this option, launch an app with
gwpAsanMode unspecified, trigger a use-after-free, assert the app uses
the recoverable mode.

Change-Id: I701e10f44b2e2694789cc5ec6f0af4bc0c55b9e4
2023-02-02 15:58:35 -08:00
Mitch Phillips
a493fe4153 Add the recoverable GWP-ASan feature.
GWP-ASan's recoverable mode was landed upstream in
https://reviews.llvm.org/D140173.

This mode allows for a use-after-free or a buffer-overflow bug to be
detected by GWP-ASan, a crash report dumped, but then GWP-ASan (through
the preCrashReport() and postCrashReportRecoverableOnly() hooks) will
patch up the memory so that the process can continue, in spite of the
memory safety bug.

This is desirable, as it allows us to consider migrating non-system apps
from opt-in GWP-ASan to opt-out GWP-ASan. The major concern was "if we
make it opt-out, then bad apps will start crashing". If we don't crash,
problem solved :). Obviously, we'll need to do this with an amount of
process sampling to mitigate against the 70KiB memory overhead.

The biggest problem is that the debuggerd signal handler isn't the first
signal handler for apps, it's the sigchain handler inside of libart.
Clearly, the sigchain handler needs to ask us whether the crash is
GWP-ASan's fault, and if so, please patch up the allocator. Because of
linker namespace restrictions, libart can't directly ask the linker
(which is where debuggerd lies), so we provide a proxy function in libc.

Test: Build the platform, run sanitizer-status and various test apps
with recoverable gwp-asan. Assert that it doesn't crash, and we get a
debuggerd report.
Bug: 247012630

Change-Id: I86d5e27a9ca5531c8942e62647fd377c3cd36dfd
2023-02-02 15:35:25 -08:00
Zijun Zhao
720454abc3 Merge "Nullability check for unistd module" 2023-02-01 23:26:59 +00:00
zijunzhao
3d59110f72 Nullability check for unistd module
Bugs: b/245972273
Test: None
Change-Id: I6037b1cd0bf233476a1cc0fbc8308a87de50c550
2023-02-01 20:40:35 +00:00
Elliott Hughes
b9ba77155b Merge "Use clang's builtins for sqrt()/sqrtf() and lrint() family." 2023-02-01 18:53:20 +00:00
Automerger Merge Worker
37edb9f57b Merge changes from topic "am-175e2e8057294130a781e5984587871d"
* changes:
  [automerger skipped] Merge "Extend bionic-unit-tests timeout." into android13-tests-dev am: 9c1e170668 -s ours
  [automerger skipped] Extend bionic-unit-tests timeout. am: 7a8366fede -s ours
2023-02-01 17:56:17 +00:00
Treehugger Robot
b9ba5662c7 [automerger skipped] Merge "Extend bionic-unit-tests timeout." into android13-tests-dev am: 9c1e170668 -s ours
am skip reason: Merged-In Ibd983da1c8fd06cffed756cf3b24523f4671d49e with SHA-1 1f3c8d688c is already in history

Original change: https://android-review.googlesource.com/c/platform/bionic/+/2417212

Change-Id: I510ffb0ddf181b01fe02d4941459b4191c34ff42
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-01 17:56:07 +00:00
Mitch Phillips
a03d444908 [automerger skipped] Extend bionic-unit-tests timeout. am: 7a8366fede -s ours
am skip reason: Merged-In Ibd983da1c8fd06cffed756cf3b24523f4671d49e with SHA-1 1f3c8d688c is already in history

Original change: https://android-review.googlesource.com/c/platform/bionic/+/2417212

Change-Id: I053bc61afe5a19604d7d436892f351c94c2b89ac
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-02-01 17:56:05 +00:00
Treehugger Robot
9c1e170668 Merge "Extend bionic-unit-tests timeout." into android13-tests-dev 2023-02-01 17:36:01 +00:00
Mitch Phillips
7a8366fede Extend bionic-unit-tests timeout.
GWP-ASan stress tests can take a while, especially under HWASan.

Bug: 238585984
Test: sleep(100) in one of the tests, and then 'atest bionic-unit-tests'
Merged-In: Ibd983da1c8fd06cffed756cf3b24523f4671d49e
Change-Id: Ibd983da1c8fd06cffed756cf3b24523f4671d49e
(cherry picked from commit 1f3c8d688c)
2023-02-01 12:43:34 +00:00
Elliott Hughes
2dcc5ce03c Use clang's builtins for sqrt()/sqrtf() and lrint() family.
Bug: https://github.com/google/android-riscv64/issues/12
Test: llvm-objdump
Change-Id: I2b5647ca245b28433faabe633d970ea2fd69c763
2023-02-01 02:05:24 +00:00
Treehugger Robot
b8a7a2ffbc Merge "Add BIONIC_COMPLICATED_NULLNESS as _Null_unspecified" 2023-02-01 01:41:10 +00:00
zijunzhao
93eb87007a Add BIONIC_COMPLICATED_NULLNESS as _Null_unspecified
In some cases, the nullability of the pointer argument is too
complicated. Developers have better check relevant manuals or
code before annotating.

Bugs: b/245972273
Test: None
Change-Id: I3589a5080b267d1766cc8ed99868129ac16e4012
2023-01-31 22:51:30 +00:00
Christopher Ferris
c36823f7e8 Merge "Purge memory." 2023-01-31 22:19:00 +00:00
Christopher Ferris
b70b4e1f62 Merge "Verify that allocated memory is always zeroed." 2023-01-31 21:45:18 +00:00
Treehugger Robot
ab3fc60149 Merge "Nullability check for fcntl module" 2023-01-31 01:56:33 +00:00
Christopher Ferris
aa3e57469c Purge memory.
Some operations wind up allocating then freeing a significant
amount of memory. So after those operations, do a purge so that
the RSS of the process is not artificially inflated.

Bug: 262321164

Test: Ran unit tests.
Test: Verified after this change, the RSS does not go up after running
Test: am dumpheap -n <PID>.
Change-Id: I08477f8ce12c06fd2a068f536a81f4a577d619e2
2023-01-31 01:37:11 +00:00